- From: Yaron Goland <yarong@microsoft.com>
- Date: Mon, 24 Mar 1997 14:16:31 -0800
- To: "'dmk@research.bell-labs.com'" <dmk@research.bell-labs.com>, http-wg@cuckoo.hpl.hp.com
I must be going dense but the section stating "Reject cookie if there is a port-list and the original connection was not to a listed port." confuses me. It sounds like something I agree w/but I'm not clear on what it means. If a set-cookie2 with a port list comes down and is accepted and then a second set-cookie2 comes down, which matches the first cookie, but isn't from the right port, the second set-cookie2 is to be ignored? Yaron > -----Original Message----- > From: dmk@research.bell-labs.com [SMTP:dmk@research.bell-labs.com] > Sent: Monday, March 24, 1997 8:26 AM > To: http-wg@cuckoo.hpl.hp.com > Subject: cookie Port summary > > Here's my summary and elaboration of the proposal for restricting > ports > in cookies. > > Set-Cookie2 > 1) Syntax: > port-attr = "Port" [ "=" <"> 1#port-list <"> ] > port-list = decimal-number > > Note: port-attr is, of course, itself optional. > > 2) Semantics > Reject cookie if there is a port-list and the original connection was > not to a listed port. > > Cookie: > 1) Syntax: > (Return Port as $Port, with its value as received in Set-Cookie2, if > any.) > > 2) Semantics, based on the Port attribute in Set-Cookie2: > - default (no Port) behavior: send cookie to any port > - "Port" behavior: send cookie only to port from which it was > received > - "Port=port-list" behavior: send cookie only to a listed port > > Note: Port rules apply only after the Domain rules make the cookie > otherwise > sendable. > > Comments? > Dave Kristol
Received on Monday, 24 March 1997 14:40:45 UTC